Aruba ClearPass for Zero Trust Security
Authenticate, authorize, and enforce secure network access control with role-based network policies based on Zero Trust Security.
Simplify network access and security with ClearPass products
Robust Network Access Control
Aruba Clear Pass Policy Manager (CPPM) provides robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement. Its highly interoperability feature helps customers to leverage their investment in earlier security products.
Automated BYOD provisioning and device compliance
With ClearPass Onboard, easily create and deploy BYOD workflows to authorize employees and contractors to use their devices on secure networks.
ClearPass OnGuard’s Advanced endpoint posture assessments can automatically remediate or quarantine endpoints that violate corporate security and compliance policies.
Customized visitor experience
It’s easy to implement secure guest access and create a customized web portal using your own brand. Leverage unique features such as sponsor approval, credential delivery or usage policies via email or text.
Secure wired access control
Make sure you secure those Ethernet ports behind IP desk phones and in conference rooms that are not using secure 802.1X.
CPPM Product features
Implement reliable network access control based on Zero Trust Security.
AI-powered visibility
ClearPass Policy Manager has built in device discovery and profiling features that can be complemented with AI-powered ClearPass Device Insight or Aruba Central Client Insights.
Robust authentication
ClearPass authenticates the user or device identity against a wide variety of identity sources such as Microsoft AD, LDAP, ODBC-compliant SQL database, token servers, and internal databases.
Secure authorization
ClearPass provides authorization based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time of day.
Reliable policy enforcement
When a security compromised is detected ClearPass can be signaled to take a response action from a wide range of security, network and IT sources.
Powerful integrations
ClearPass is a vendor agnostic solution and seamlessly integrates with more than 140 security-based partner solutions to provide robust authorization and enforcement.
SSO support
Single sign-on (SSO) support works with Ping, Okta, and other identity management tools to improve user experience of SAML 2.0-based applications.
Details and specifications for Aruba ClearPass Policy Manager
Specifications
Appliances - ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure.
- VMware ESXi up to 7.0
- Microsoft Hyper-V 2016/2019 R2/2019 and Windows 2016 R2 Enterprise
- KVM on CentOS 7.7 and Ubuntu 18.04 LTS
- Amazon AWS (EC2)
- KVM on CentOS 7.7. Ubuntu 18.04, and Ubuntu 20.04
- Amazon AWS (EC2)
- Microsoft Azure
Platform - Deployment templates for any network type, identity store and endpoint
- 802.1X, MAC authentication and captive portal support
- ClearPass OnConnect for SNMP-based enforcement on wired switches
- Advanced reporting, analytics and troubleshooting tools
- Interactive policy simulation and monitor mode utilities
- Multiple device registration portals – Guest, Aruba AirGroup, BYOD, and un-managed devices
- Admin/operator access security via CAC and TLS certificates
Framework and protocol support - RADIUS, RADIUS Dynamic Authorization, TACACS+, web authentication, SAML v2.0
- RadSec (TLS encoded RADIUS)
- TEAP (Tunneled EAP)
- EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-PEAPPublic, EAP-PWD)
- TTLS (EAP-MSCHAPv2, EAP-GTC, EAP- TLS, EAP-MD5, PAP, CHAP)
- EAP-TLS
- PAP, CHAP, MSCHAPv1, MSCHAPv2, EAP-MD5
- OAuth2
- WPA3
- Windows machine authentication
- SMB v2/v3
- Online Certificate Status Protocol (OCSP)
- SNMP generic MIB, SNMP private MIB
- Common Event Format (CEF), Log Event Extended Format (LEEF), and RFC5424
Supported identity stores - Microsoft Active Directory
- RADIUS
- Any LDAP compliant directory
- MySQL, Microsoft SQL, PostGRES and Oracle 11g ODBC-compliant SQL server
- Token servers
- Built-in SQL store, static hosts list
- Kerberos
- Microsoft Azure Active Directory
- Google G Suite
RFC standards - 2246, 2248, 2407, 2408, 2409, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 3779, 4017, 4137, 4301, 4302, 4303, 4308, 4346, 4514, 4518, 4809, 4849, 4851, 4945, 5176, 5216, 5246, 5280, 5281, 7170, 7296, 7321, 7468, 7815, 8032, 8247
Internet drafts - Protected EAP Versions 0 and 1, Microsoft CHAP extensions, dynamic provisioning using EAP-FAST, TACACS+, draft-ietfcurdle-pkix-00 EdDSA, Ed25519, Ed448, Curve25519 and Curve448 for X.509, draft-nourse-scep-23 (Simple Certificate Enrollment Protocol)
Profiling methods - Operating conditions
- Active: Nmap, WMI, SSH, SNMP
- Passive: MAC OUI, DHCP, TCP, Netflow v5/v10, IPFIX, sFLOW, ‘SPAN’ Port, HTTP User-Agent, IF-MAP
- ClearPass Device Insight
- Integrated & 3rd Party: Onboard, OnGuard, ArubaOS, EMM/MDM, Cisco device sensor
IPv6 Support - RADIUS
- TACACS+
- Clustering (intra-node communication)
- Web and CLI based management
- IPv6 addressed authentication & authorization servers
- IPv6 accounting proxy
- IPv6 addressed endpoint context servers
- Syslog, DNS, NTP, IPsec IPv6 targets
- IPv6 Virtual IP for high availability
- HTTP Proxy
- Ingress Event Engine Syslog sources
Information assurance validations - FIPS 140-2 – Certificate #2577
- Common Criteria NDcPP + Authentication Server (ClearPass)
- USGv6 approved
- ClearPass is available as hardware or as a virtual appliance. Virtual appliances are supported on VMware vSphere Hypervisor (ESXi), Microsoft Hyper-V, CentOS KVM, Amazon EC2 & Microsoft Azure.
Aruba ClearPass security portfolio receives coveted Cyber Catalyst designation
For the second consecutive time, Marsh Cyber Catalyst Program recognizes Aruba’s security innovations for the ability to reduce cyber risk for Zero Trust and SASE implementations.
Aruba ClearPass success stories
Healthcare | Enfermera-Isabel-Zendal
Learn how Aruba ClearPass Policy Manager takes a central role for the orchestration of the hospital's network access management by allowing the team to define access policies based on the profile of users and devices and a host of definable criteria.
Manufacturing | DM
Learn how DM uses Aruba ClearPass to implement consistent role-based network policies.
Primary Education | Decatur City Schools
Learn how Aruba ClearPass unifies wired and wireless policies to help schools authenticate students, teachers, staff, and guests, saving time and addressing security needs.
Related products
Aruba ClearPass is a vendor agnostic solution that works seamlessly with Aruba and third-party network devices.
Aruba Network switches
Discover a switching portfolio purpose-built for cloud, mobile, and IoT.
Aruba access points
Offering a versatile 802.11ax and 802.11ac portfolio, Aruba's simple, fast, and secure access points support a wide range of use cases and deployment needs. Boosting IT, user, and IoT experiences, our APs rise to meet today's most challenging Wi-Fi use cases.
AI-powered client visibility
Client Insights, an important starting point for Zero Trust, delivers the visibility and intelligence needed to address the risk of unidentified and unmanaged devices on the network.
Aruba Central
A cloud-based networking solution with AI-powered insights, workflow automation, and edge-to-cloud security, Aruba Central empowers IT to manage and optimize campus, branch, remote, data center, and IoT networks from one dashboard.
Related resources
